I made a reseller, reseller make a client, client made a website and FTP user and shell user. So far so good except for the shell user:

In the reseller limits, SSH-Chroot Options I checked both "none" and "jailkit"
In turn, the reseller checked "none" and "jailkit" for the client (limit is set to -1 in each)
When the client made the "shell user" we set the "Chroot Shell" option to Jailkit

However the shell user cannot log in via sftp, I see errors like this in the system logs:

I discovered that their shell was set to /bin/false.
So I changed it manually:
usermod -s /usr/sbin/jk_chrootsh site1

Click to expand...

Do not modify an ispconfig user manually. The only thing that you can achieve with that is to break your setup. Please delete the users and sites that you modified manually in ispconfig and recreate them afterwards in ispconfig.

Jailkit is working fine in ispconfig 3.0.2, so we have to find out whats wrong with your installation. Have you installed jailkit before you installed ispconfig or after you installed ispconfig.

Do not modify an ispconfig user manually. The only thing that you can achieve with that is to break your setup. Please delete the users and sites that you modified manually in ispconfig and recreate them afterwards in ispconfig.

Jailkit is working fine in ispconfig 3.0.2, so we have to find out whats wrong with your installation. Have you installed jailkit before you installed ispconfig or after you installed ispconfig.

I have not edited or changed this user in anyway.
By default, these new users are being created with /bin/false for a shell. If this correct behavior?

What other information can I provide to debug this problem?

These are 2 new Debian Lenny installs. The only difference I can think of is that I did install some additional packages and perl modules on the system before installing ISPConfig (not after). Does ISPConfig use any perl modules?

ISPConfig itself does not use perl. But it is possible that external packages like jailkit use it. The shell /bin/false is the correct shell for the main user of a website. Then you create a shell user with jailkit enabled and jailkit the changes the shell for this new user ti the jailkit shell.

I'm using Debian Lenny on 2 servers with ISPConfig 3.0.2 and jailkit is working fine. I do notice 'snoopy' and 'unknown UID:' in your logs. The unknown user ID seems wrong. Also what is 'snoopy' doing? I don't know the answer. Just things to look into.

It actually doens't say "unknown UID", is says "unknown, uid:5004." unknown refers to some other field of information, I'm not sure what.

uid:5004 was the users's UID in /etc/password, that part is correct (or was at the time).

I also noticed that the user's directory tree files under web/ are owned by, for example:

drwxr-xr-x 2 1061 users 216 2010-03-24 04:55 error

and no such user 1061 exists in /etc/password. I don't know where it got 1061 from. I wonder if it's trying to use that in other places (such as while creating a shell user) and that's what's breaking it.

"Also what is 'snoopy' doing? I don't know the answer. Just things to look into."

Snoppy is a logging function. I have been using it for years on all kinds of servers, it works good, and is transparent to all programs. I'm sure there is some 0.01% possibility that snoopy is causing a problem but it is very, very unlikely.

Till: please tell me where I can look or what tests I ran run to try to find _why_ the jailkit user is not being created correctly.

On one of my two ISPConfig servers I also tried doing the automatic upgrade to 3.0.2.1, because I saw elsewhere on the forum that this was recommended in a few cases to fix jailkit problems.

I tried creating new sites and shell users after the upgrade, and it is still the same.

Well, like most folks on these forums I reinstalled fresh and it fixed the problem.

For the record, this time I used the latest jailkit tarball (2.11) from the jailkit site.

One other thing I noticed that I missed last time in the setup - having the full host+domain set as the hostname in /etc/hostname. I wonder if maybe that was what broke the previos setup -- last time I only had the hostname set.

Till, just out of curiosity - what is it that requires having the whole hostname in /etc/hosts?